Skip to main content
CVE-2018-7890 CRITICAL POC THREAT Emergency

A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho RCE Command Injection Manageengine Applications Manager
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
79.2%
CVE-2018-7183 CRITICAL Act Now

Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Ntp Freebsd +2
NVD
CVSS 3.0
9.8
EPSS
10.8%
CVE-2018-1216 CRITICAL Act Now

A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Solutions Enabler Virtual Appliance Emc Unisphere For Vmax Virtual Appliance Emc Vasa Virtual Appliance +1
NVD
CVSS 3.0
9.8
EPSS
22.1%
CVE-2018-0147 CRITICAL KEV THREAT Act Now

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Deserialization Cisco Secure Access Control System
NVD
CVSS 3.1
9.8
EPSS
18.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy